CVE-2010-4221

ProFTPD - Memory Corruption

Title source: rule

Description

Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.

Exploits (7)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/16851
exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/16878
exploitdb WORKING POC VERIFIED
by kingcope · perl · remote · linux
https://www.exploit-db.com/exploits/15449
nomisec WORKING POC 2 stars
by M41doror · poc
https://github.com/M41doror/cve-2010-4221
nomisec WRITEUP
by Mafiosohack · poc
https://github.com/Mafiosohack/Offensive-lab-2
metasploit WORKING POC GREAT
by jduck · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ftp/proftp_telnet_iac.rb
metasploit WORKING POC GREAT
by jduck · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/freebsd/ftp/proftp_telnet_iac.rb

Scores

EPSS 0.9109
EPSS Percentile 99.6%

Details

CWE CWE-119
Status published
Products (2)
proftpd/proftpd 1.3.2 (8 CPE variants)
proftpd/proftpd 1.3.3 (7 CPE variants)
Published Nov 09, 2010
Tracked Since Feb 18, 2026